Error using layer7 on floating rule
-
Hello,
I'm experimenting errors using layer7 on floating rules.
Tested on 2.0-RELEASE and on 2.2.4-RELEASE with similar behavior.
I get the following messages in /var/log/system.logon pfSense-2.0-RELEASE
Oct 26 13:32:40 pfSense ipfw-classifyd: unable to write to divert socket: Host is downon pfSense-2.2.3-RELEASE
Oct 26 09:46:18 pfSense ipfw-classifyd: unable to write to divert socket: Operation not permittedThe filter rules are:
On LAN
pass in quick on em0 all flags S/SA keep stateFloating:
pass out on em1 proto tcp/udp all divert 52048ipfw-classifyd runs as:
/usr/local/sbin/ipfw-classifyd -n 8 -q 700 -c /tmp/l7test.l7 -p 52048 -P /usr/local/share/protocolsIf I set the layer7 on LAN interface rule, everything works fine.
The above errors are for packets classified to pass by ipfw-classyfyd at the sendto() call to reinject them into IP stack.
The layer7 filter I set does not look to be relevant.Is the above an expected behavior?
Did anybody already see similar errors? I searched the forum with no luck.Thanks for the help.
marco
-
You must be the first one for whom "everything works fine". L7 has been completely unusable with 2.2.x…
-
I'm actually using/testing 2.0-RELEASE and "everything works fine" on it. Sorry for the confusion.
I picked the last release to reproduce the problem with floating rules. Didn't realize layer7 was broken on 2.2I just made the same test with 2.1.5-RELEASE and got
Oct 27 06:33:12 pfSense ipfw-classifyd: unable to write to divert socket: Host is down
with layer7 container on floating rule. While layer7 container on LAN rule works as expected.
On 2.0-RELEASE the "Host is down" is 64 EHOSTDOWN.
-
I don't think you'll have much luck trying to get help with prehistoric releases. Noone's using them.
-
Well, my question was if that were a problem which has been ever seen and/or fixed in some newer release.